Does Email Log have any unpatched vulnerabilities?

No. All known vulnerabilities in Email Log have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Email Log compatible with WordPress 6.9.4?

According to WordPress.org data, Email Log 2.62 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Email Log compatible with PHP 5.6+?

Email Log requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Email Log updated?

Email Log was last updated on Dec 3, 2025. Frequent updates are generally a positive security signal.

What is Email Log's security score?

Email Log has a WP-Safety security score of 95/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Email Log Security & Risk Analysis

wordpress.org/plugins/email-log

Log and view all outgoing emails from WordPress. Very useful if you have to debug email related problems or have to store sent emails for auditing.

80K active installs v2.62 PHP 5.6+ WP 4.0+ Updated Dec 3, 2025

emailemail-logloglog-emailresend-email

A · Safe

CVEs total4

Unpatched0

Last CVEMay 23, 2024

Plugin page Download

Safety Verdict

Is Email Log Safe to Use in 2026?

Generally Safe

Score 95/100

Email Log has a strong security track record. Known vulnerabilities have been patched promptly.

4 known CVEsLast CVE: May 23, 2024Updated 4mo ago

Risk Assessment

The email-log plugin v2.62 presents a mixed security posture. On the positive side, the static analysis reveals a very small attack surface with only one AJAX handler, and importantly, this handler appears to be protected by authentication checks. Furthermore, the code demonstrates good practices in terms of output escaping (91%) and includes nonce and capability checks, mitigating common web vulnerabilities. The absence of dangerous functions, file operations, and external HTTP requests is also a strong security indicator.

However, concerns arise from the taint analysis, which identified one high-severity flow with unsanitized paths. This suggests a potential vulnerability where user-supplied input could be used in an insecure way within the plugin's logic, potentially leading to unintended consequences. The plugin also has a history of known vulnerabilities, including high and medium severity issues such as Code Injection, SQL Injection, and Cross-site Scripting. While there are currently no unpatched CVEs, this pattern of past vulnerabilities indicates a recurring need for careful auditing and timely patching. The SQL query usage, with only 45% prepared statements, also indicates a potential for SQL injection if not handled meticulously in the remaining queries.

In conclusion, while the plugin has implemented some robust security measures like protected entry points and good output escaping, the presence of a high-severity taint flow and a history of diverse vulnerabilities necessitate caution. The focus should be on thoroughly investigating the identified taint flow and ensuring all SQL queries are properly parameterized to prevent potential exploitation.

Key Concerns

High severity unsanitized path taint flow
History of high severity vulnerabilities
SQL queries not using prepared statements (55% not prepared)
History of medium severity vulnerabilities

Vulnerabilities

Email Log Security Vulnerabilities

CVEs by Year

1 CVE in 2017

2017

2 CVEs in 2021

2021

1 CVE in 2024

2024

Patched Has unpatched

Severity Breakdown

High

Medium

4 total CVEs

CVE-2024-0867high · 8.1Improper Control of Generation of Code ('Code Injection')

Email Log <= 2.4.8 - Unauthenticated Hook Injection

May 23, 2024 Patched in 2.4.9 (1d)

CVE-2021-24924medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Email Log <= 2.4.7 - Reflected Cross-Site Scripting

Nov 8, 2021 Patched in 2.4.8 (806d)

CVE-2021-24758high · 7.2Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Email Log <= 2.4.6 - Admin+ SQL Injection

Oct 18, 2021 Patched in 2.4.7 (827d)

WF-3cf570e4-7cae-4adc-ac3e-84225d74da39-email-logmedium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Email Log <= 2.2.2 - Stored Cross-Site Scripting

Nov 11, 2017 Patched in 2.2.3 (2264d)

Code Analysis

Analyzed Mar 16, 2026

Email Log Code Analysis

Dangerous Functions

Raw SQL Queries

9 prepared

Unescaped Output

125 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

45% prepared20 total queries

Output Escaping

91% escaped138 total outputs

Data Flows

3 unsanitized

Data Flow Analysis

4 flows3 with unsanitized paths

search_box (include\Core\UI\ListTable\LogListTable.php:357)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Email Log Attack Surface

Entry Points1

Unprotected0

AJAX Handlers 1

authwp_ajax_el-log-list-view-messageinclude\Core\Request\LogListAction.php:21

WordPress Hooks 39

actionplugins_loadedemail-log.php:86

filteruser_has_capinclude\Core\AdminCapabilityGiver.php:16

actionwpmu_new_bloginclude\Core\DB\TableManager.php:32

filterwpmu_drop_tablesinclude\Core\DB\TableManager.php:34

actioninitinclude\Core\EmailLog.php:140

actionadmin_enqueue_scriptsinclude\Core\EmailLog.php:154

actionadmin_action_emaillog_install_wp301include\Core\EmailLog.php:155

filtersafe_style_cssinclude\Core\EmailLog.php:340

filtersafe_style_cssinclude\Core\EmailLog.php:597

filterwp_mailinclude\Core\EmailLogger.php:15

actionwp_mail_failedinclude\Core\EmailLogger.php:16

actionbp_send_email_successinclude\Core\EmailLogger.php:26

actionbp_send_email_failureinclude\Core\EmailLogger.php:27

actionel-log-list-deleteinclude\Core\Request\LogListAction.php:23

actionel-log-list-delete-allinclude\Core\Request\LogListAction.php:24

actionel-log-list-manage-user-roles-changedinclude\Core\Request\LogListAction.php:25

actionadmin_initinclude\Core\Request\NonceChecker.php:21

actionel_admin_footerinclude\Core\UI\Component\AdminUIEnhancer.php:51

actionwp_dashboard_setupinclude\Core\UI\Component\DashboardWidget.php:20

actionadmin_body_classinclude\Core\UI\ListTable\LogListTable.php:44

actionel_display_log_columnsinclude\Core\UI\ListTable\LogListTable.php:46

actionel_view_log_after_headersinclude\Core\UI\ListTable\LogListTable.php:47

filterel_export_column_listinclude\Core\UI\ListTable\LogListTable.php:49

filterel_export_raw_loginclude\Core\UI\ListTable\LogListTable.php:50

actionadmin_menuinclude\Core\UI\Page\BasePage.php:41

filterset-screen-optioninclude\Core\UI\Page\LogListPage.php:45

actionadmin_enqueue_scriptsinclude\Core\UI\Page\LogListPage.php:47

actionadmin_initinclude\Core\UI\Page\SettingsPage.php:26

filterel_setting_sectionsinclude\Core\UI\Setting\CoreSetting.php:65

actionel_email_log_insertedinclude\Core\UI\Setting\CoreSetting.php:70

actionel_trigger_notify_email_when_log_threshold_metinclude\Core\UI\Setting\CoreSetting.php:71

actionadmin_noticesinclude\Core\UI\Setting\CoreSetting.php:516

filterel_setting_sectionsinclude\Core\UI\Setting\Setting.php:36

actionwpmu_new_bloginclude\install.php:120

filterwpmu_drop_tablesinclude\install.php:123

actionadmin_initwf-flyout\wf-flyout.php:27

actionadmin_enqueue_scriptswf-flyout\wf-flyout.php:73

actionadmin_headwf-flyout\wf-flyout.php:74

actionadmin_footerwf-flyout\wf-flyout.php:75

Maintenance & Trust

Email Log Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 3, 2025

PHP min version5.6

Downloads1.0M

Community Trust

Rating84/100

Number of ratings43

Active installs80K

Alternatives

Email Log Alternatives

WP Mail SMTP by WPForms – The Most Popular SMTP and Email Log Plugin

wp-mail-smtp

Make email delivery easy for WordPress. Connect with SMTP, Gmail, Outlook, SendGrid, Mailgun, SES, Zoho, + more. Rated #1 WordPress SMTP Email plugin.

4.0M 2 CVEs

Easy WP SMTP – WordPress SMTP and Email Logs: Gmail, Office 365, Outlook, Custom SMTP, and more

easy-wp-smtp

Make SMTP email sending and delivery easy. Configure Gmail, Outlook, Brevo, SendGrid, Mailgun, SendLayer or connect to any SMTP server.

500K 8 CVEs

Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App

post-smtp

Improve WordPress email deliverability. Connect Gmail SMTP, Microsoft 365, Brevo, SendGrid, Mailgun, Zoho, Amazon SES, etc. #1 WordPress SMTP Plugin.

400K 21 CVEs

WP Mail Logging

wp-mail-logging

Log, view, and resend all emails sent from your WordPress site. Great for resolving email sending issues or keeping a copy for auditing.

300K 6 CVEs

Activity Log – Monitor & Record User Changes

aryo-activity-log

This top rated Activity Log plugin helps you monitor & log all changes and actions on your WordPress site, so you can remain secure and organized.

200K 9 CVEs

Developer Profile

Email Log Developer Profile

WebFactory

28 plugins · 3.5M total installs

trust score

Avg Security Score

98/100

Avg Patch Time

699 days

View full developer profile

Detection Fingerprints

How We Detect Email Log

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/email-log/assets/css/bootstrap.min.css/wp-content/plugins/email-log/assets/css/email-log.css/wp-content/plugins/email-log/assets/css/email-log-datatable.css/wp-content/plugins/email-log/assets/js/bootstrap.bundle.min.js/wp-content/plugins/email-log/assets/js/email-log-datatable.js/wp-content/plugins/email-log/assets/js/email-log.js/wp-content/plugins/email-log/assets/js/email-log-pro.js/wp-content/plugins/email-log/assets/img/loader-icon.png+2 more

Script Paths

/wp-content/plugins/email-log/assets/js/bootstrap.bundle.min.js/wp-content/plugins/email-log/assets/js/email-log-datatable.js/wp-content/plugins/email-log/assets/js/email-log.js/wp-content/plugins/email-log/assets/js/email-log-pro.js

Version Parameters

email-log/assets/css/bootstrap.min.css?ver=email-log/assets/css/email-log.css?ver=email-log/assets/css/email-log-datatable.css?ver=email-log/assets/js/bootstrap.bundle.min.js?ver=email-log/assets/js/email-log-datatable.js?ver=email-log/assets/js/email-log.js?ver=email-log/assets/js/email-log-pro.js?ver=

HTML / DOM Fingerprints

CSS Classes

email-log-settingsemail-log-wrapperemail-log-table-wrapemail-log-tab-contentemail-log-tab-paneemail-log-modalemail-log-modal-contentemail-log-modal-header+3 more

HTML Comments

+1 more

Data Attributes

data-email-log-settingsdata-email-log-tabledata-nonce

JS Globals

email_log_paramsEmailLogemail_log_dashboard_widget_paramsEmailLogDashboardWidgetwf_flyout

FAQ